[codex] align docs with managed billing access

[charlesrhoward]

Summary

Align the docs with the managed billing direction for Mogplex hosted work.

• reframe model access around plan-backed managed access instead of bring-your-own provider keys
• reframe sandbox/workspace access around Mogplex-managed billing instead of user-billed sandbox projects
• update Settings, Models, Plans & Billing, Vercel, Projects/Sandboxes, Quickstart, troubleshooting, security, API, and CLI auth docs to use the new mental model
• keep CLI env-var/provider language only as compatibility and debugging behavior, not as the customer setup path

Why

Mogplex is moving to billed hosted access. The docs previously told users to add provider keys or attach their own Vercel/sandbox billing path, which no longer matches the intended product model.

Validation

• git diff --check
• pnpm lint
• pnpm types:check
• pnpm build
• pre-push hook reran pnpm lint, pnpm types:check, and pnpm build

---

^{Need help on this PR? Tag @codesmith with what you need.}

• Let Codesmith autofix CI failures and bot reviews

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
mogplex-docs	Ready	Preview, Comment	May 18, 2026 7:19pm

[mogplex]

Mogplex PR Review

Status: Attention needed

This is a documentation-only PR that systematically replaces the "bring-your-own provider key" mental model with "Mogplex-managed billing access" across ~36 MDX files. The changes are internally consistent, well-scoped, and clearly motivated. There are no code, security, or logic issues. However, there are a few doc-level concerns worth addressing: one truncated sentence that will render broken, one subtle self-referential incoherence in the skill description, and a minor factual precision gap in the API response example that could cause user confusion.

1 finding was added inline.

Critical Issues

• Truncated sentence in settings.mdx will render broken for users (content/docs/web/settings.mdx)
  The diff for content/docs/web/settings.mdx ends mid-sentence:

+Users do not need external model credentials or external sandbox accounts for
+normal hosted work. If a model picker is empty or a sandbox cannot launch
+because access is missing, check the account plan or entitlement st

The line is cut at entitlement st — the word state and likely a period or further text is missing. This will render as a broken, incomplete sentence in published docs. Verify the full file ends with a complete sentence (e.g., ...check the account plan or entitlement state.) and that no trailing content was lost in the patch.

Warnings

• API response example renames field without confirming it matches the actual API contract (content/docs/web/api/working-requests.mdx)
  The working-requests doc updates the sample JSON response from:

"platform_access": {
  "allowPlatformAi": true,
  "allowPlatformSandbox": false
}

to:

"managed_access": {
  "allowModels": true,
  "allowSandboxes": false
}

and removes "personalState": "linked" from the vercel object.

If the actual API endpoint has not been updated to match these new field names, the docs will now be factually wrong — users following the quickstart will get a different response shape than shown. Was this coordinated with a backend change, or is it a forward-looking doc that should be marked as pending? If the API hasn't shipped yet, add a note like <!-- NOTE: field names pending API update --> or a <Callout> explaining the field names are subject to change.

Suggestions

• authentication.mdx: 'they are present' sentence appears to end without a period (content/docs/cli/guides/authentication.mdx)
  The diff patch for authentication.mdx ends the ## Provider env vars section with:

Direct provider environment variables are a compatibility and development
escape hatch, not the product setup path for billed Mogplex accounts. They
still take precedence over the account login path when they are present, 

The trailing comma and apparent mid-paragraph cut suggests the paragraph may be incomplete. Confirm the full rendered file has a complete closing sentence for this section.

View check run

[mogplex]

Warning: mogplex-auth skill description still references 'store a provider key' use case

The SKILL.md description field was updated from:

...Use when the user asks to sign in, switch accounts, store a provider key, or when a Mogplex command fails...

to:

...Use when the user asks to sign in, switch accounts, debug env-var overrides, or when a Mogplex command fails...

This is consistent with the PR intent. However, the body of this skill file still includes guidance about Do not write keys into shell rc files on the user's behalf (line ~70), which now reads a bit oddly since the skill no longer claims to cover provider key storage. The retained sentence is arguably still useful for the env-var compatibility path, but a brief inline comment clarifying this is the compatibility/escape-hatch path (not the primary flow) would reduce confusion for future editors of the skill.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 81948e1f03

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Restore explicit provider env var list for auth overrides

This update removes the per-provider environment-variable mapping from the authentication guide and replaces it with a generic “legacy local provider env vars” phrase, but Configuration and Flags still sends users to this section for the exact variable names (content/docs/cli/guides/configuration-and-flags.mdx:33). In CI or compatibility flows, users now cannot reliably determine which variable to set for non-Mogplex providers, which can cause silent auth fallback and failed runs.

Useful? React with 👍 / 👎.